DataDome Achieves SOC 2 Type 2 Compliance

Alongside our mission to rid the web of fraudulent traffic, maintaining our commitment to protect our customers’ data is a core focus at DataDome. As we protect our customers’ websites, mobile applications, and APIs against malicious bots and online fraud, we take every precaution to manage all data in the most secure and efficient way possible.

Today, we are happy to announce that, one year after completing our SOC 2 Type 1 report, we have successfully completed our SOC 2 Type 2 audit!

SOC 2: From Type 1 to Type 2

DataDome is committed to trust and security—and we back up our words with actions. That’s why, after completing our SOC 2 Type 1 report last year, we followed it up by undergoing the process of completing the Type 2 report.

What’s the difference?

A SOC 2 report is for service organizations that hold, store, or process the information of their users.

• SOC Type 1: The Type 1 report describes a service provider’s systems and whether the system is suitably designed to meet relevant trust principles at a point in time.
• SOC Type 2: The Type 2 report details the operational effectiveness of those systems and includes a historical element that shows how controls were managed by a business over a period of time.

Our SOC 2 Type 2 final report demonstrates how our security controls align with AICPA’s SOC 2 standard. This independent validation of security controls is crucial for our customers.

Validation Process

To validate our alignment with SOC 2, we worked hand-in-hand with the world-renowned auditing company Coalfire to evaluate DataDome’s infrastructure, software, processes, and policies for managing customer data based on three “trust service principles”:

• Security
• Availability
• Confidentiality

‍The successful completion of the SOC 2 Type 2 audit is one of the many steps we are taking in our continuous efforts to ensure a safe, secure environment for customer data. To that end, we will continue working on maintaining our SOC 2 Type 2 report going forward.

How DataDome Protects Your Data

DataDome’s data protection and security policies are compliant with current regulations for processing personal data.

In DataDome’s SOC 2 report, for example, you will read how we protect customer data using our:

• Security policies and risk management process.
• Encryption protocols for data at rest and in transit.
• Logical and physical access controls.
• Change management and software development lifecycle (SDLC) process.
• Vulnerability management process.
• Data backup and disaster recovery strategies.
• System monitoring and security incident response management.

To request a copy of our SOC 2 Type 2 report, please contact your DataDome account manager. To learn more about our data privacy policies and compliance to local regulations, please visit us on our dedicated compliance and data privacy page.